Date: 2021-07-15

It’s an offshoot of a program called Rewards for Justice aimed at combating international terrorism — another sign the administration is increasingly treating ransomware as a top national security threat.
The program is part of a four-pronged strategy that officials are announcing today, according to a preview from a senior administration official. It's a response to a wave of blockbuster ransomware attacks in recent months that have disrupted U.S. gas supplies in the southeast, threatened to hinder meat supplies and wreaked havoc on hundreds of schools, local governments and small businesses.
Other elements of the strategy involve:
- Making it more difficult for ransomware gangs to transfer funds using cryptocurrency
- Urging international cooperation to combat ransomware
- Making U.S. institutions more resilient against hacking.
But don’t expect things to get better right away. The official emphasized it will be a long-haul effort and that more damaging ransomware hacks are probably on the horizon before it’s fully implemented.
“This is a problem that's built up over a number of years and it's not something that will be solved in a moment,” the official said. “It won't be turned off like a light switch. But we're looking for meaningful, meaningful progress.”
The announcements are the first outcomes of a government-wide effort to crack down on ransomware launched by the White House in May.
During that time, the administration has settled on its major priorities. But a lot of details are still murky.
It’s not clear, for example, how aggressively U.S. officials are willing to go after ransomware hackers operating in Russian territory.
The Justice Department scored a big win last month when it clawed back more than $2 million that Colonial Pipeline paid to unlock its computers after an attack that disrupted gas supplies in the southeastern United States.
But such wins have been few and far between. Officials declined to answer questions about whether the recent disappearance of the REvil gang, which was responsible for the mammoth Kaseya attack over the Fourth of July weekend, was a result of U.S. actions.
“Our cyber response will continue to manifest in unseen and seen ways,” a senior administration official said. “Although we will not be in a position to provide detailed progress of all efforts, we will intermittently report on the holistic progress departments and agencies are making together to confront this years-long escalating threat.”
It’s also not clear what sort of international cooperation U.S. officials are seeking from allies — or if U.S. officials or allies will have the stomach for some of the most aggressive actions that have been suggested, such as severe sanctions on Russian Internet firms or its oil and gas sector.
One clear area of international cooperation will be increasing the transparency of cryptocurrency exchanges.
Among the announcements coming today is an international effort run by the Treasury Department focused on making it easier for law enforcement to track major cryptocurrency payments so they can stop ransoms before they reach hackers’ wallets.
Domestic efforts are somewhat clearer.
Officials are exploring how they can work with cyber insurance providers to improve digital security across critical industries.
They're also pushing for more transparency from companies about when they're hacked and mulling requiring such reporting from some key industries.
That move won support from many lawmakers considering a bill to mandate reporting to government about all cyber incidents affecting critical industries such as energy firms, pipelines and airports as well as from government contractors and cybersecurity companies.
“Most of the private sector critical infrastructure entities understand there’s a new relationship that has to be established,” Sen. Angus King (I-Maine) said. “This is something we have to move quickly on because the battle space is the control room of a utility or the basement of a bank.”
The Cybersecurity and Infrastructure Security Agency is also launching a new website this morning: stopransomware.gov.
Another clear message from the administration: U.S. officials aren’t waiting on cooperation from Russia.
Top U.S. and Russian officials have been meeting to discuss ransomware since Biden confronted Russian President Vladimir Putin about the topic at a summit in Geneva last month — including in a meeting yesterday.
Biden pressured Putin again in a phone call after the Kaseya ransomware attack, which was the largest ever launched from Russian territory. He even pledged the United States will take “any necessary action” to defend U.S. infrastructure.
But officials made limited mention of those efforts yesterday in a call with reporters or in a telephone briefing with the full Senate. Instead those calls focused on work being done by U.S. government and industry and in cooperation with foreign allies.
“We're looking for an enduring impact on the ransomware that's plaguing companies around the world, governments around the world, and that's the measure for us — an enduring impact,” the official said.
The keys
Hackers are targeting German politicians ahead of September elections.
Authorities there are seeing some preparations to leak real or fake documents to influence the election, the Associated Press reports. Officials described the efforts, however, as being at a relatively low intensity. The country’s spy services “definitely see the interest of certain states in exerting influence on this year’s parliamentary election,” Germany’s domestic intelligence agency chief Thomas Haldenwang said.
The attacks come as Germany prepares for a vote that will determine the successor to longtime Chancellor Angela Merkel. Merkel is set to meet with Biden in Washington today.
The United Kingdom’s spy agency is doubling its spending on countering threats from China, Iran and Russia.
The announcement came as MI5 chief Ken McCallum warned the British public to be as vigilant about threats from those countries as they are about terrorist attacks, the BBC’s Gordon Corera reports.
McCallum also criticized Facebook for deploying the strongest forms of encryption technology on platforms such as WhatsApp, saying the company’s plans “will hand a gift to the terrorists MI5 has to find and tackle — and a gift to the child abusers our colleagues in the National Crime Agency have to find and tackle.”
U.K. and U.S. officials have said the end-to-end encryption used by Facebook and other tech firms makes citizens less safe because it prevents law enforcement from gaining access to those communications with a warrant. Tech firms argue that weaker forms of encryption will make their customers more vulnerable to hacking.
“WhatsApp believes governments should be demanding greater security for people's most personal information,” Carl Woog, a spokesman for WhatsApp and its head, Will Cathcart, told The Cybersecurity 202. “The range of cyberthreats are increasing and people deserve the very best technology to keep them and their messages safe.”
Activists sued the Election Assistance Commission, saying it changed voting equipment standards after private meetings with manufacturers.
The lawsuit argues that meetings between EAC officials and voting machine firms should have been open to the public and the changes the commission made to its voting machine guidelines should have been shared earlier with the EAC’s advisory and standards boards, the Associated Press reports.
The lawsuit stems from the EAC’s controversial decision in February to continue allowing voting machines with hardware that can connect to the Internet in its updated set of voluntary standards.
The group Free Speech for People brought the lawsuit with Philip Stark, a University of California, Berkeley computer scientist who sits on the EAC’s advisory board. Under the new standards, voting machines are allowed to have network connections, but those connections must be disabled. Cybersecurity experts say that leaves the machines too vulnerable to cyberattacks. The EAC did not respond to a request for comment.
The EAC standards are voluntary but often adopted as part of states' mandatory standards.
Securing the ballot
House Democrats are investigating the partisan election audit in Maricopa County, Ariz.
The House Oversight Committee asked cybersecurity firm Cyber Ninjas, which is overseeing the audit, for a wide swath of information, including its communications with former president Donald Trump and his allies, Eugene Scott reports. The lawmakers gave the firm two weeks to respond to their request.
Hill happenings
Senate committee advances cyber bills.
The Senate Homeland Security and Governmental Affairs Committee unanimously advanced two cybersecurity bills. One would direct CISA to work with K-12 schools to assess their cyber risks and build a cybersecurity tool kit. The other aims to create a government training program to teach federal employees about supply-chain risks.
Daybook
- The Senate Commerce Committee holds a hearing on supply chain resiliency today at 10:30 a.m.
- The Internet Governance Forum USA conference hosts panels on supply chain security and securing the Internet of Things today at 10:30 a.m. and 12:15 p.m.
- The House Homeland Security Committee holds a hearing on changes to the Department of Homeland Security to meet today’s threats today at noon.
- A House Intelligence Committee panel holds a hearing on microelectronics security and innovation on July 20 at 10 a.m.
- The House Committee on Small Business holds a hearing on small businesses’ cybersecurity on July 20 at 10 a.m.
- A House Energy and Commerce Committee panel holds a hearing on ransomware on July 20 at 10:30 a.m.
- The Senate Committee on Environment and Public Works holds a hearing on cybersecurity vulnerabilities in physical infrastructure on July 21 at 10 a.m.